Re: Re : EAP-TTLS w/MS-CHAPv2

2008-05-22 Thread Alan DeKok
Joel MBA OYONE wrote: You'll also need a raddb/sites-enabled/inner-tunnel file. It's not installed in 2.0.3. This was fixed in 2.0.4. What is the inner-tunnel file intended for? Read the comments in the file. Alan DeKok. - List info/subscribe/unsubscribe? See

Re: Re : Dynamic VLAN and FreeRadius

2008-05-22 Thread Alan DeKok
Joel MBA OYONE wrote: So if SSID friend is assigned to VLAN 100, the end-user will associate with that SSID, right? No. VLAN assignment is after SSID association, and after 802.1x authentication. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FR not working with AD...

2008-05-22 Thread Alan DeKok
Karthik R wrote: I'm trying to configure freeradius 2.0.3 to authenticate wireless users against AD. You should probably use 2.0.4, for a number of reasons. Installed the CA.der certificate alone on the Windows XP supplicant; I didn't generate individual client certificates as I don't want the

Re: mysql simultaneous login detection

2008-05-22 Thread Alan DeKok
Gabriel J Marais wrote: I have been trying to set up freeradius with mysql to detect and reject simultaneous logins for the past two days and have been reading up, but I can't get it working at all. Perhaps someone here has some more information on a working example for me... ? ... Any pointers

Re: How To Create Authentication Request Packet to pass as input to RADCLIENT

2008-05-22 Thread Dana Blanaru
Thanks a lot, Alan! I am kind of a beginner in this, so can you please give me more details about the eapol_test program (is it a freeradius tool? where do I find it?) Dana On Wed, May 21, 2008 at 6:59 PM, Alan DeKok [EMAIL PROTECTED] wrote: Dana Blanaru wrote: Does anyone know where can I find

Re: How To Create Authentication Request Packet to pass as input

2008-05-22 Thread Dana Blanaru
Thanks Naunidh, I will try to document myself about this. Meanwhile, anything you can tell me about how to use this eapol_test would be appreciated. On Wed, May 21, 2008 at 4:58 PM, Naunidh S Chadha [EMAIL PROTECTED] wrote: Hi I am trying to figure out how to test EAP-MD5 using radclient. I

Re: How To Create Authentication Request Packet to pass as input to RADCLIENT

2008-05-22 Thread Alan DeKok
Dana Blanaru wrote: Thanks a lot, Alan! I am kind of a beginner in this, so can you please give me more details about the eapol_test program (is it a freeradius tool? where do I find it?) Google? As I said, it's part of the wpa_supplicant project. They're NOT hard to find. For EAP testing,

Re: Freeradius and Active directory

2008-05-22 Thread Tomáš Janeček
Hi. Now I went back to the default configuration and made only a few changes (according to http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO). Everything looks much better now, but I still get the wrong password error. I think, that the problem is in this part of

radius x509 authentication + LDAP ?

2008-05-22 Thread Riccardo Veraldi
Hello, I am actually using freeradius with EAP-TLS and x509 user certificate authentication. After authentication I would like to check the common name or email address properties of the certificate against LDAP, to authorize the user connection. Is it possible to do this? I tried but it

Re: Freeradius and Active directory

2008-05-22 Thread A . L . M . Buxey
Hi, Now I went back to the default configuration and made only a few changes (according to http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO). Everything looks much better now, but I still get the wrong password error. ntlm_auth isn't happy - the output shows this..

Re: Re : EAP-TTLS w/MS-CHAPv2

2008-05-22 Thread A . L . M . Buxey
Hi, You'll also need a raddb/sites-enabled/inner-tunnel file. It's not installed in 2.0.3. This was fixed in 2.0.4. What is the inner-tunnel file intended for? It is a virtual server whose only purpose is to look at the stuff inside an EAP tunnel - be that PEAP or EAP-TTLS etc etc. Using

Re: Freeradius and Active directory

2008-05-22 Thread Tomáš Janeček
MYNTDOMAIN is just a fake domain name I pasted into the log. But ntlm_auth on the server uses my real domain... I see the error announced by ntlm_auth, but don't know how to repair it. When I run ntlm_auth --request-nt-key --domain=MYREALNTDOMAIN --username=user and provide the password, everything

Re: EAP-TTLS w/MS-CHAPv2

2008-05-22 Thread Bram Matthys (Syzop)
Thanks Alan, for all your answers and hints. Upgrading to 2.0.4 did the trick, everything seems to work fine now. Alan DeKok wrote: ... ttls { default_eap_type = mschapv2 Are you using EAP-MSCHAPv2, or MS-CHAPv2? See the comments above this

Re: EAP TLS testing using eapol_test

2008-05-22 Thread Naunidh S Chadha
Hi All, An update: I tried using OpenSSL version 9.8c, but got the exact same issues. Wed May 21 19:31:19 2008 : Debug: rlm_eap_tls: Done initial handshake Wed May 21 19:31:19 2008 : Debug: rlm_eap_tls: TLS 1.0 Handshake [length 038d], Certificate Wed May 21 19:31:19 2008 : Error: -- verify

Re : Re : Dynamic VLAN and FreeRadius

2008-05-22 Thread Joel MBA OYONE
Alan DeKok. wrote: No. VLAN assignment is after SSID association, and after 802.1x authentication. OK, is it possible to associate in SSID_1 and be assigned to a different VLAN than the one we are associated in? (example: when I am associated to SSID_1, which belongs to VLAN100, RADIUS

Need to understand flow

2008-05-22 Thread Tuc at T-B-O-H.NET
Hi, I'm having to write my own validation and accounting for a device, and I need to understand a little about the flow. Is there a good reference for this? I don't have to support much, basically user/pass authentication, updating accounting, timeout, logoff. I understand that

openLDAP branches

2008-05-22 Thread Vittore Zen
Hi, I have an openLDAP server with multiple branches: dc=domA - a list of users dc=domB - a list of users dc=domC - a list of users Now I want to do AAA from freeradius using this syntax: [EMAIL PROTECTED], [EMAIL PROTECTED] How do I set up radius.conf? I successfully reach the ldap server with a single

Re: Freeradius and Active directory

2008-05-22 Thread Alan DeKok
Tomáš Janeček wrote: MYNTDOMAIN is just a fake domain name I pasted into the log. But ntlm_auth on the server uses my real domain... I see the error announced by ntlm_auth, but don't know how to repair it. When I run ntlm_auth --request-nt-key --domain=MYREALNTDOMAIN --username=user and provide

Re: EAP TLS testing using eapol_test

2008-05-22 Thread Alan DeKok
Naunidh S Chadha wrote: ... Wed May 21 19:31:19 2008 : Error: -- verify error:num=20:unable to get local issuer certificate Wed May 21 19:31:19 2008 : Debug: rlm_eap_tls: TLS 1.0 Alert [length 0002], fatal unknown_ca The certificate supplied by the client was not signed by a CA that

Re: Need to understand flow

2008-05-22 Thread Alan DeKok
Tuc at T-B-O-H.NET wrote: I'm having to write my own validation and accounting for a device, Don't. Please. There are a number of RADIUS libraries available, including freeradius-client, on freeradius.org. It's supported, it works, and it's in use by a number of products. and I need

Re: radius x509 authentication + LDAP ?

2008-05-22 Thread Alan DeKok
Riccardo Veraldi wrote: After authentication I would like to check the common name or email address properties of the certificate against LDAP, to authorize the user connection. It comes in the User-Name attribute. Is it possible to do this? I tried but it seems not working in my

Re: Re : Re : Dynamic VLAN and FreeRadius

2008-05-22 Thread Alan DeKok
Joel MBA OYONE wrote: No. VLAN assignment is after SSID association, and after 802.1x authentication. OK, is it possible to associate in SSID_1 and be assigned to a different VLAN than the one we are associated in? That doesn't make sense. SSIDs aren't tied to VLANs, unless you configure

Re: Need to understand flow

2008-05-22 Thread Tuc at T-B-O-H.NET
I'm having to write my own validation and accounting for a device, Don't. Please. There are a number of RADIUS libraries available, including freeradius-client, on freeradius.org. It's supported, it works, and it's in use by a number of products. I have no issue using a

Re : Dynamic VLAN and FreeRadius

2008-05-22 Thread Joel MBA OYONE
Alan, I possess a device from D-Link (DWS-3024). It is a wireless switch controller, and the documentation says that: - One SSID has to be assigned to one VLAN on the profile. - An access point can be configured with up to 8 different SSIDs and it is possible to assign each SSID to its own

Re: Re : Dynamic VLAN and FreeRadius

2008-05-22 Thread Joe Vieira
Hi Joel, I think the issue here is that the D-Link APs you have are rather limited. RADIUS can not ever assign an SSID because that step occurs before the user has authenticated. Wireless starts with an association from the user to the AP's SSID; from there the AP decides what needs to

Re : Re : Dynamic VLAN and FreeRadius

2008-05-22 Thread Joel MBA OYONE
Thank you Joe for your answer! We all agree that association is made before the authentication process, in order for RADIUS to be able to do its stuff. But the fact is that it doesn't work, and I was wondering what would be the result if I set: Tunnel-Private-Group-ID = 100 (when the SSID where I am

Re: Re : Re : Dynamic VLAN and FreeRadius

2008-05-22 Thread Alan DeKok
Joel MBA OYONE wrote: We all agree that association is made before the authentication process, in order for RADIUS to be able to do its stuff. But the fact is that it doesn't work, Then your NAS is broken. Buy a real NAS that supports VLAN assignment. and I was wondering what would be the
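The threads above on building an Access-Request for radclient, on understanding the RADIUS flow, and on assigning a VLAN from RADIUS all come down to the same packet format, so here is one added example covering them. It is not FreeRADIUS, radclient or any poster's code. It encodes an Access-Request with the PAP User-Password hidden as RFC 2865 section 5.2 prescribes, builds the Access-Accept carrying the RFC 3580 Tunnel-Type / Tunnel-Medium-Type / Tunnel-Private-Group-ID triple that a VLAN-capable NAS acts on after 802.1X completes, checks the Response Authenticator the way a client must before trusting a reply, and pulls the VLAN back out of the reply. The shared secret, NAS address, user name, password and VLAN number are made-up values, and note that nothing in the request names an SSID: the NAS has already associated the client before this packet exists, which is exactly why RADIUS can choose a VLAN but never an SSID.

```python
# Added example: minimal RADIUS Access-Request / Access-Accept handling per
# RFC 2865, RFC 2868 and RFC 3580. Not FreeRADIUS or radclient code; the
# secret, NAS address, user, password and VLAN below are made-up values.
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN = 13    # RFC 3580
TUNNEL_MEDIUM_802 = 6    # RFC 2868: IEEE-802


def encrypt_user_password(password, secret, authenticator):
    """RFC 2865 s5.2: pad to a 16-byte multiple and XOR each block with
    MD5(secret + previous ciphertext block), the first block being keyed
    from the Request Authenticator. Obfuscation, not strong encryption."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def decrypt_user_password(cipher, secret, authenticator):
    """Server-side inverse of the above; strips the zero padding."""
    out, prev = b"", authenticator
    for i in range(0, len(cipher), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(cipher[i:i + 16], key))
        prev = cipher[i:i + 16]
    return out.rstrip(b"\x00")


def avp(attr_type, value, tag=None):
    """Type-Length-Value; RFC 2868 tagged attributes get a leading tag byte."""
    body = (bytes([tag]) if tag is not None else b"") + value
    if len(body) > 253:
        raise ValueError("attribute too long")
    return bytes([attr_type, len(body) + 2]) + body


def parse_attrs(data):
    """Return [(type, raw value)], rejecting truncated or zero-length TLVs."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        t, l = data[i], data[i + 1]
        attrs.append((t, data[i + 2:i + l]))
        i += l
    return attrs


def build_access_request(identifier, secret, username, password, nas_ip, authenticator=None):
    """What radclient sends for a PAP login; no SSID appears anywhere."""
    authenticator = authenticator or os.urandom(16)
    attrs = avp(USER_NAME, username.encode())
    attrs += avp(USER_PASSWORD, encrypt_user_password(password.encode(), secret, authenticator))
    attrs += avp(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split(".")))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs


def build_access_accept(request, secret, vlan):
    """Server reply placing the port in `vlan` (RFC 3580 triple, tag 1).
    Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    ident, req_auth = request[1], request[4:20]
    attrs = avp(TUNNEL_TYPE, struct.pack("!I", TUNNEL_TYPE_VLAN)[1:], tag=1)
    attrs += avp(TUNNEL_MEDIUM_TYPE, struct.pack("!I", TUNNEL_MEDIUM_802)[1:], tag=1)
    attrs += avp(TUNNEL_PRIVATE_GROUP_ID, str(vlan).encode(), tag=1)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs


def verify_response(request, response, secret):
    """Client-side check: a reply forged without the secret, or a reply to a
    different request, fails here and must be dropped."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return expected == response[4:20]


def vlan_from_accept(response):
    """The VLAN a NAS should apply, or None. Attributes are grouped by tag;
    a first byte above 0x1F means the attribute is untagged (RFC 2868)."""
    groups = {}
    for t, v in parse_attrs(response[20:]):
        if t not in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID) or not v:
            continue
        tag, body = (v[0], v[1:]) if v[0] <= 0x1F else (0, v)
        g = groups.setdefault(tag, {})
        g[t] = body.decode() if t == TUNNEL_PRIVATE_GROUP_ID else int.from_bytes(body, "big")
    for g in groups.values():
        if g.get(TUNNEL_TYPE) == TUNNEL_TYPE_VLAN and g.get(TUNNEL_MEDIUM_TYPE) == TUNNEL_MEDIUM_802:
            return g.get(TUNNEL_PRIVATE_GROUP_ID)
    return None


if __name__ == "__main__":
    secret = b"testing123"
    req = build_access_request(7, secret, "hotspot", "ICANSEE", "192.0.2.10")
    acc = build_access_accept(req, secret, 100)
    print("accept verifies:", verify_response(req, acc, secret), "vlan:", vlan_from_accept(acc))
    print("forged accept verifies:", verify_response(req, build_access_accept(req, b"wrong", 100), secret))
```

Two things the code makes concrete that the thread only states: the Access-Request carries User-Name, the obfuscated User-Password and NAS identification, nothing about the wireless network, so VLAN selection is purely a property of the Access-Accept; and the Response Authenticator is the only thing standing between a NAS and a spoofed Access-Accept, which is why a client such as radclient must check it before acting on the reply.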

Re : Re : Re : Dynamic VLAN and FreeRadius

2008-05-22 Thread Joel MBA OYONE

Re : Re : Re : Dynamic VLAN and FreeRadius

2008-05-22 Thread Joel MBA OYONE
Um... I think I just sent an empty response, sorry about that, and thank you for this clear explanation. I will just change my NAS! (But I will call D-Link first.) See ya! Joel MBA OYONE wrote: We all agree that association is made before the authentication process, in order for RADIUS to be

RE: mysql simultaneous login detection

2008-05-22 Thread Gabriel J Marais
Hi Guys, Thanks for the reply. I have had a look at the debug mode (I think it's running radiusd -X?) 1. I am receiving Interim Updates from my upstream ISP. 2. My sqltrace.log file is not showing anything of interest with regards to simultaneous queries. 3. Running in Debug mode, I see all

Re: mysql simultaneous login detection

2008-05-22 Thread Alan DeKok
Gabriel J Marais wrote: Don't CC me. I *DO* read the list. Thanks for the reply. I have had a look at the debug mode (I think it's running radiusd -X?) As documented in the FAQ, README, INSTALL, and daily on this list. Is there anywhere else we should document this? 1. I am

Re: EAP TLS testing using eapol_test

2008-05-22 Thread Naunidh S Chadha

RE: mysql simultaneous login detection

2008-05-22 Thread Gabriel J Marais
An extract from my radius.conf file has this: session { sql } Seems like it is configured. G -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 22, 2008 8:43 PM To: [EMAIL PROTECTED]; FreeRadius users mailing list Subject: Re: mysql simultaneous
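What `session { sql }` actually has to decide is simple: count the accounting rows for this user that never received an Accounting-Stop, and reject when that count already reaches Simultaneous-Use. The added example below, which is not FreeRADIUS code, runs that decision against a constructed radacct table in SQLite so the failure mode from this thread can be seen: a session whose Stop never arrived (here because interim updates simply ceased) keeps blocking logins forever unless something declares it dead. The column names follow the stock FreeRADIUS 2.x SQL schema; the interim interval, the clock and the sample rows are assumptions made for the example.

```python
# Added example: the simultaneous-use decision behind session { sql }, run
# against a constructed radacct table. Not FreeRADIUS code; the interim
# interval, fixed clock and sample rows are assumptions of this example.
import sqlite3
from datetime import datetime, timedelta

INTERIM = timedelta(minutes=10)          # assumed Acct-Interim-Interval on the NAS
NOW = datetime(2008, 5, 22, 12, 0, 0)     # fixed clock so the example is reproducible

SCHEMA = """CREATE TABLE radacct (
  radacctid INTEGER PRIMARY KEY, acctsessionid TEXT, username TEXT,
  nasipaddress TEXT, acctstarttime TEXT, acctstoptime TEXT, acctupdatetime TEXT)"""

# Constructed rows: s1 is live (interim update 3 min ago); s2 never got a
# Stop and has been silent for a day; s3 was closed normally; s4 is another user.
ROWS = [
    ("s1", "gabriel", "198.51.100.1", NOW - timedelta(hours=1), None, NOW - timedelta(minutes=3)),
    ("s2", "gabriel", "198.51.100.1", NOW - timedelta(days=2), None, NOW - timedelta(days=1)),
    ("s3", "gabriel", "198.51.100.1", NOW - timedelta(hours=5), NOW - timedelta(hours=4), NOW - timedelta(hours=4)),
    ("s4", "alice", "198.51.100.2", NOW - timedelta(minutes=30), None, NOW - timedelta(minutes=1)),
]


def _ts(t):
    return None if t is None else t.isoformat(sep=" ")


def open_db():
    """In-memory radacct populated with the constructed rows above."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany(
        "INSERT INTO radacct (acctsessionid, username, nasipaddress, acctstarttime,"
        " acctstoptime, acctupdatetime) VALUES (?, ?, ?, ?, ?, ?)",
        [(s, u, n, _ts(a), _ts(b), _ts(c)) for s, u, n, a, b, c in ROWS])
    return db


def active_sessions(db, username, now=NOW, interim=INTERIM):
    """Open rows (no Stop yet) split into live and stale. A row whose last
    Interim-Update is older than two intervals is stale: the NAS dropped the
    session without sending Accounting-Stop, so it must not block new logins."""
    cur = db.execute(
        "SELECT acctsessionid, acctupdatetime FROM radacct"
        " WHERE username = ? AND acctstoptime IS NULL ORDER BY radacctid", (username,))
    live, stale = [], []
    for sid, updated in cur:
        (stale if now - datetime.fromisoformat(updated) > 2 * interim else live).append(sid)
    return live, stale


def simultaneous_use_check(db, username, limit, now=NOW, interim=INTERIM):
    """Accept or reject a new login: reject once live sessions reach Simultaneous-Use."""
    live, stale = active_sessions(db, username, now, interim)
    if len(live) >= limit:
        return False, f"{username}: {len(live)} live session(s), Simultaneous-Use = {limit}"
    return True, f"{username}: {len(live)} live, {len(stale)} stale row(s) ignored"


if __name__ == "__main__":
    db = open_db()
    for user, limit in (("gabriel", 1), ("gabriel", 2), ("alice", 1)):
        print(simultaneous_use_check(db, user, limit))
```

The stock check in rlm_sql counts the rows with AcctStopTime IS NULL and, when configured to verify, asks the NAS through checkrad whether each counted session still exists; the staleness heuristic above stands in for that verification so the example runs offline. Either way the lesson of the `s2` row is the same: if Accounting-Stop packets are not reaching the server, every login after the first will be rejected, so the first thing to confirm when simultaneous-use detection misbehaves is that the accounting Start, Interim-Update and Stop records for one session actually line up in radacct.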

Exec-Program-Wait Don't work

2008-05-22 Thread Roberto Salazar M.
Regards: Sorry for my English! I'm using Exec-Program-Wait for session control and printing a Session-Timeout = 0 parameter, but it doesn't work. In cistron radius, I received logs in radius.log: Tue Sep 4 17:26:57 2007 : Debug: Exec-Program output Session-Timeout:=100 Tue Sep 4 17:26:57

Authentication with Sonicwall and FreeRadius not quite working...

2008-05-22 Thread aprotector
I have FreeRADIUS working and it says it's accepting requests. I have put the ldap server information into the radiusd.conf file and put in a user that's capable of looking up passwords within the directory. I have also added the Sonicwall to the clients.conf file and the radius server is

MySQL noresetcounter / No reply-name or count attribute?

2008-05-22 Thread Tuc at T-B-O-H.NET
Hi, I've noticed on the default FR 2.0.4 MySQL counter.conf file, for the sqlcounter noresetcounter , there isn't a count-attribute of Acct-Session-Time or a reply-name of something like Session-Timeout. The dailycounter and monthlycounter both have a reply-name . Is this for a reason,

Session-Timeout conditionally appearing

2008-05-22 Thread Tuc at T-B-O-H.NET
Hi, I've run this on FR 2.0.3 and 2.0.4, MySQL and PostgreSQL, and I seem to see a pattern. I'm not sure if it's the correct behaviour or not. Using counters, I add Max-All-Session := 123 into my database for a user. When I run radtest, I get: setup# radtest hotspot ICANSEE